容器命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
docker run imageName[:tag]                                     #新建容器并启动

docker ps                                                      #列出所有运行的容器
docker ps -a                                                   #列出所有容器

docker exec -it containerId或containerName /bin/bash           #进入容器内部
exit/Ctrl+P+Q                                                  #退出容器

docker stop start restart kill containerId或containerName      #启停容器

docker rm containerId或containerName                           #删除指定容器
docker rm -f containerId或containerName                        #强制删除启动的容器
docker rm -f $(docker ps -aq)                                  #强制删除所有容器
docker rm $(docker ps -q -f status=exited)        			   #删除所有未运行的容器

docker inspect containerId或containerName                      #查看容器信息
docker logs containerId或containerName                         #查看容器日志
docker top containerId或containerName                          #查看容器中进程信息

docker cp containerId或containerName:容器内路径 宿主机路径        #从容器中拷贝文件到宿主机
docker cp 宿主机路径 containerId或containerName:容器内路径        #从宿主机拷贝文件到容器

docker diff containerId或containerName                         #容器运行后文件发生的变化

docker commit containerId或containerName imageName[:tag]       #提交容器成为一个新的镜像

docker run(新建容器并启动)

名称,简写 描述
–name 指定容器名字用来区分容器,–name=”Name”或者 –name “Name”
-i 保持容器运行。通常与 -t 或 -d同时使用
-t 为容器重新分配一个伪输入终端,通常与 -i 同时使用,容器创建后自动进入容器中,退出容器后,容器自动关闭
-P(大写) 随机指定端口
-p 宿主机端口:容器端口 端口映射
-v 宿主机目录:容器目录 目录映射
-e 指定容器运行的环境变量
-w 指定容器内工作目录 
1
2
3
4
5
6
7
8
9
10
11
#运行容器,没有交互一般直接就退出了
docker run imageName[:tag]

#以交互式创建容器,容器创建后自动进入容器中,Crtl+P+Q退出,容器继续运行,exit退出容器后,容器自动退出
docker run -it imageName[:tag]

#以守护式创建容器,容器在后台运行,不会退出
docker run -[i]d imageName[:tag]

#以守护时创建容器,设定容器名称,端口映射,挂载文件目录
docker run -d --name 容器名称 -p 宿主机端口:容器端口 -v 宿主机目录:容器目录 imageName[:tag]

docker run执行流程

docker run执行流程
docker run执行流程

docker端口暴露示意图

docker端口暴露示意图
docker端口暴露示意图

容器重启策略

Docker容器的重启都是由Docker守护进程完成的,因此与守护进程息息相关

Docker容器的重启策略如下:
1
2
3
4
5
no				#默认策略,在容器退出时不重启容器
on-failure		#在容器非正常退出时(退出状态非0),才会重启容器
on-failure:3	#在容器非正常退出时重启容器,最多重启3次
always			#在容器退出时总是重启容器
unless-stopped	#在容器退出时总是重启容器,但是不考虑在Docker守护进程启动时就已经停止了的容器
Docker容器的退出状态码:
1
2
3
4
5
6
0				#表示正常退出
非0				#表示异常退出(退出状态码采用chroot标准)
125				#Docker守护进程本身的错误
126				#容器启动后,要执行的默认命令无法调用
127				#容器启动后,要执行的默认命令不存在
其他命令状态码		#容器启动后正常执行命令,退出命令时该命令的返回状态码作为容器的退出状态码
docker run的 --restart 选项

通过 –restart 选项,可以设置容器的重启策略,以决定在容器退出时Docker守护进程是否重启刚刚退出的容器

查看容器详情补充
1
2
3
4
5
#查看容器重启次数
docker inspect -f “{undefined{ .RestartCount }}” 容器名

#查看容器最后一次的启动时间
docker inspect -f “{undefined{ .State.StartedAt }}” 容器名

资源限制

限制CPU

docker run命令和 CPU 限制相关的所有选项如下:

选项 描述
--cpuset-cpus="" 允许使用的 CPU 集,值可以为 0-3,0,1
-c,--cpu-shares=0 CPU 共享权值(相对权重)
cpu-period=0 限制 CPU CFS 的周期,范围从 100ms~1s,即[1000, 1000000]
--cpu-quota=0 限制 CPU CFS 配额,必须不小于1ms,即 >= 1000
--cpuset-mems="" 允许在上执行的内存节点(MEMs),只对 NUMA 系统有效
  • --cpuset-cpus用于设置容器可以使用的 vCPU 核。
  • -c,--cpu-sharesCPU 资源的相对限制。

默认情况下,所有的容器得到同等比例的 CPU 周期。在有多个容器竞争 CPU 时我们可以设置每个容器能使用的 CPU 时间比例。这个比例叫作共享权值,通过-c或–cpu-shares设置。Docker 默认每个容器的权值为 1024。不设置或将其设置为 0,都将使用这个默认值。系统会根据每个容器的共享权值和所有容器共享权值和比例来给容器分配 CPU 时间。

--cpu-period--cpu-quataCPU资源的绝对限制
我们可以设置每个容器进程的调度周期,以及在这个周期内各个容器最多能使用多少 CPU 时间,使用--cpu-period即可设置调度周期,使用--cpu-quota即可设置在每个周期内容器能使用的 CPU 时间,两者配合使用。

CFS 周期的有效范围是 1ms~1s,对应的--cpu-period的数值范围是 1000~1000000。而容器的 CPU 配额必须不小于 1ms,即--cpu-quota的值必须 >= 1000。可以看出这两个选项的单位都是 us。

1
2
#将CFS调度的周期设为50000,将容器在每个周期内的CPU配额设置为25000,表示该容器每50ms可以得到50%的CPU运行时间。
docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:16.04 /bin/bash
限制内存

docker run命令和内存限制相关的所有选项如下:

选项 描述
-m,--memory 内存限制,格式是数字加单位,单位可以为 b,k,m,g。最小为 4M
--memory-swap 内存+交换分区大小总限制。格式同上。必须比-m设置的大
--memory-reservation 内存的软性限制。格式同上
--oom-kill-disable 是否阻止 OOM killer 杀死容器,默认没设置
--oom-score-adj 容器被 OOM killer 杀死的优先级,范围是[-1000, 1000],默认为 0
--memory-swappiness 用于设置容器的虚拟内存控制行为。值为 0~100 之间的整数
--kernel-memory 核心内存限制。格式同上,最小为 4M
不设置

如果不设置-m,--memory--memory-swap,容器默认可以用完宿主机的所有内存和 swap 分区。不过注意,如果容器占用宿主机的所有内存和 swap 分区超过一段时间后,会被宿主机系统杀死(如果没有设置--00m-kill-disable=true的话)

设置-m,--memory,不设置--memory-swap

-m--memory设置一个不小于 4M 的值,假设为 a,不设置--memory-swap,或将--memory-swap设置为 0。这种情况下,容器能使用的内存大小为 a,能使用的交换分区大小也为 a。因为 Docker 默认容器交换分区的大小和内存相同。如果在容器中运行一个一直不停申请内存的程序,你会观察到该程序最终能占用内存大小为 2a
比如$ docker run -m 1G ubuntu:16.04,该容器能使用的内存大小为 1G,能使用的 swap 分区大小也为 1G。容器内的进程能申请到的总内存大小为 2G

设置-m,--memory=a,--memory-swap=b,且b

a 给-m设置一个参数 a,给--memory-swap设置一个参数 b。a 时容器能使用的内存大小,b是容器能使用的 内存大小 + swap 分区大小。所以 b 必须大于 a。b -a 即为容器能使用的 swap 分区大小。
比如$ docker run -m 1G --memory-swap 3G ubuntu:16.04,该容器能使用的内存大小为 1G,能使用的 swap 分区大小为 2G。容器内的进程能申请到的总内存大小为 3G

设置-m,--memory=a,--memory-swap=-1

-m参数设置一个正常值,而给--memory-swap设置成 -1。这种情况表示限制容器能使用的内存大小为 a,而不限制容器能使用的 swap 分区大小。容器内进程能申请到的内存大小为 a + 宿主机的 swap 大小

Memory

reservation 是一种软性机制 它不保证任何时刻容器使用的内存不会超过--memory-reservation限定的值,它只是确保容器不会长时间占用超过--memory-reservation限制的内存大小

1
2
#如果容器使用了大于 200M 但小于 500M 内存时,下次系统的内存回收会尝试将容器的内存锁紧到 200M 以下。
docker run -it -m 500M --memory-reservation 200M ubuntu:16.04 /bin/bash
查看容器资源占用情况
1
2
3
4
5
6
7
8
9
10
11
12
[root@localhost ~]# docker stats
CONTAINER ID   NAME             CPU %     MEM USAGE / LIMIT     MEM %     NET I/O      BLOCK I/O     PIDS
8ce58b825e76   charming_bassi   0.00%     1.859MiB / 3.507GiB   0.05%     107kB / 0B   2.31MB / 0B   1
4862c3d32d3b   mycentos         0.00%     1.527MiB / 3.507GiB   0.04%     269kB / 0B   7.45MB / 0B   1
bf4bcd3a37ad   nginx_c_v4       0.00%     3.289MiB / 3.507GiB   0.09%     268kB / 0B   11.7MB / 0B   3
a916f1d3c625   nginx_c_v3       0.00%     3.152MiB / 3.507GiB   0.09%     268kB / 0B   4.1kB / 0B    3
2504291aeb98   nginx_c_v2       0.00%     3.051MiB / 3.507GiB   0.08%     268kB / 0B   4.1kB / 0B    3
5a2f59d8b461   nginx_c_v1       0.00%     3.148MiB / 3.507GiB   0.09%     268kB / 0B   4.1kB / 0B    3
09593f4c5c55   nginx_ct1        0.00%     3.148MiB / 3.507GiB   0.09%     268kB / 0B   20.5kB / 0B   3
f5ef981caaca   nginx_cb2        0.00%     3.152MiB / 3.507GiB   0.09%     268kB / 0B   4.1kB / 0B    3
5d5671155661   nginx_cv3        0.00%     3.094MiB / 3.507GiB   0.09%     268kB / 0B   4.1kB / 0B    3
4ed35df5bfa7   nginx_cv2        0.00%     3.188MiB / 3.507GiB   0.09%     268kB / 0B   4.1kB / 0B    3

privileged参数(特权模式)

大约在0.6版,privileged被引入docker。使用该参数,container内的root拥有真正的root权限。否则,container内的root只是宿主机的一个普通用户权限。privileged启动的容器,可以看到很多host上的设备,并且可以执行mount,甚至允许你在docker容器中启动docker容器。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#默认是--privileged=false,不能挂载
[root@localhost ~]# docker run -t -i centos:latest bash
[root@b29ab618a011 /]# mkdir /home/test/
[root@b29ab618a011 /]# mkdir /home/test2/
[root@b29ab618a011 /]# mount -o bind /home/test  /home/test2
mount: /home/test2: permission denied.
[root@b29ab618a011 /]# exit
exit

#设定了--privileged=true,
[root@localhost ~]# docker run -t -i --privileged=true centos:latest bash
[root@3238a6df6a3a /]# mkdir /home/test/
[root@3238a6df6a3a /]# mkdir /home/test2/
[root@3238a6df6a3a /]# mount -o bind /home/test  /home/test2
[root@3238a6df6a3a /]#

docker ps(列出所有运行的容器)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@localhost ~]# docker ps --help

Usage:  docker ps [OPTIONS]

List containers

Options:
  -a, --all             Show all containers (default shows just running)
  -f, --filter filter   Filter output based on conditions provided
      --format string   Pretty-print containers using a Go template
  -n, --last int        Show n last created containers (includes all states) (default -1)
  -l, --latest          Show the latest created container (includes all states)
      --no-trunc        Don't truncate output
  -q, --quiet           Only display container IDs
  -s, --size            Display total file sizes  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#显示所有运行容器
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                                   NAMES
e244a095f856   nginx     "/docker-entrypoint.…"   41 seconds ago   Up 40 seconds   0.0.0.0:3344->80/tcp, :::3344->80/tcp   nginx_crun
45f8aca32e8a   centos    "/bin/bash"              2 minutes ago    Up 2 minutes                                            quirky_swirles

#显示所有容器,包括非运行中的容器
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED              STATUS                     PORTS                                   NAMES
e244a095f856   nginx     "/docker-entrypoint.…"   About a minute ago   Up About a minute          0.0.0.0:3344->80/tcp, :::3344->80/tcp   nginx_crun
a36ec2025146   centos    "/bin/bash"              2 minutes ago        Exited (0) 2 minutes ago                                           stupefied_archimedes
45f8aca32e8a   centos    "/bin/bash"              2 minutes ago        Up 2 minutes                                                       quirky_swirles
546e34cebc66   centos    "/bin/bash"              3 minutes ago        Exited (0) 3 minutes ago                                           friendly_ritchie

#显示正在运行的容器包括历史容器ID
[root@localhost ~]# docker ps -aq
e244a095f856
a36ec2025146
45f8aca32e8a
546e34cebc66

#显示最后一条容器
[root@localhost ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                                   NAMES
e244a095f856   nginx     "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes   0.0.0.0:3344->80/tcp, :::3344->80/tcp   nginx_crun

#显示最后几条容器
[root@localhost ~]# docker ps -n 2
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS                     PORTS                                   NAMES
e244a095f856   nginx     "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes               0.0.0.0:3344->80/tcp, :::3344->80/tcp   nginx_crun
a36ec2025146   centos    "/bin/bash"              4 minutes ago   Exited (0) 4 minutes ago                                           stupefied_archimedes

docker exec(进入容器内部)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@localhost ~]# docker exec --help

Usage:  docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

Run a command in a running container

Options:
  -d, --detach               Detached mode: run command in the background
      --detach-keys string   Override the key sequence for detaching a container
  -e, --env list             Set environment variables
      --env-file list        Read in a file of environment variables
  -i, --interactive          Keep STDIN open even if not attached
      --privileged           Give extended privileges to the command
  -t, --tty                  Allocate a pseudo-TTY
  -u, --user string          Username or UID (format: <name|uid>[:<group|gid>])
  -w, --workdir string       Working directory inside the container
1
2
3
4
5
[root@localhost ~]# docker run -d --name nginx_cexec nginx
0c3cc43e2c77f90dfa00c3782a312057cef1e28bdc28a44b72d42040cfd2263a

[root@localhost ~]# docker exec -it nginx_cexec /bin/bash
root@0c3cc43e2c77:/#

exit/Ctrl + P + Q(退出容器)

1
2
exit           #前台交互式退出容器,容器退出
Ctrl + P + Q   #前台交互式退出容器,容器保持运行
1
2
3
4
5
6
7
8
9
10
11
12
#exit退出容器
[root@localhost ~]# docker run -it --name centos_cexit centos
[root@3d2494edc773 /]# exit   
exit

#Ctrl+P+Q退出容器
[root@localhost ~]# docker run -it --name centos_cctlpq centos
[root@a58d1f9c181a /]# 
[root@localhost ~]# docker ps -n 2
CONTAINER ID   IMAGE     COMMAND       CREATED          STATUS                      PORTS     NAMES
a58d1f9c181a   centos    "/bin/bash"   30 seconds ago   Up 29 seconds                         centos_cctlpq
3d2494edc773   centos    "/bin/bash"   2 minutes ago    Exited (0) 45 seconds ago             centos_cexit

docker stop start restart kill(启停容器)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@localhost ~]# docker run -d --name nginx_cqt nginx
8cf831c8c78971f9a40139ba957693e22d9c65912e842c946edfe0154741c118

#停止容器
[root@localhost ~]# docker stop nginx_cqt
nginx_cqt

#启动容器
[root@localhost ~]# docker start nginx_cqt
nginx_cqt

#重启容器
[root@localhost ~]# docker restart nginx_cqt
nginx_cqt

#暂停容器
[root@localhost ~]# docker pause nginx_cqt
nginx_cqt

#恢复暂停
[root@localhost ~]# docker unpause nginx_cqt
nginx_cqt

#强制停止容器
[root@localhost ~]# docker kill nginx_cqt
nginx_cqt

docker rm(删除容器)

1
2
3
4
5
6
7
8
9
10
[root@localhost ~]# docker rm --help

Usage:  docker rm [OPTIONS] CONTAINER [CONTAINER...]

Remove one or more containers

Options:
  -f, --force     Force the removal of a running container (uses SIGKILL)
  -l, --link      Remove the specified link
  -v, --volumes   Remove anonymous volumes associated with the container
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS                            PORTS                                   NAMES
8cf831c8c789   nginx     "/docker-entrypoint.…"   3 minutes ago    Exited (137) About a minute ago                                           nginx_cqt
e244a095f856   nginx     "/docker-entrypoint.…"   9 minutes ago    Up 9 minutes                      0.0.0.0:3344->80/tcp, :::3344->80/tcp   nginx_crun
a36ec2025146   centos    "/bin/bash"              10 minutes ago   Exited (0) 9 minutes ago                                                  stupefied_archimedes
45f8aca32e8a   centos    "/bin/bash"              10 minutes ago   Up 10 minutes                                                             quirky_swirles
546e34cebc66   centos    "/bin/bash"              11 minutes ago   Exited (0) 11 minutes ago                                                 friendly_ritchie

#无法直接删除运行容器
[root@localhost ~]# docker rm nginx_crun
Error response from daemon: You cannot remove a running container e244a095f8569fcd00da63d939ed1cb382595195ed5da4c22dbb634f5f9197fc. Stop the container before attempting removal or force remove

#删除退出的容器
[root@localhost ~]# docker rm friendly_ritchie
friendly_ritchie

#-f 强制删除运行中的容器
[root@localhost ~]# docker rm -f nginx_crun
nginx_crun

#删除多个容器
[root@localhost ~]# docker rm -f nginx_cqt stupefied_archimedes 
nginx_cqt
stupefied_archimedes

#删除所有容器
[root@localhost ~]# docker rm -f $(docker ps -aq)
45f8aca32e8a

docker inspect(查看容器信息)

1
2
3
4
5
6
7
8
9
10
[root@localhost ~]# docker inspect --help

Usage:  docker inspect [OPTIONS] NAME|ID [NAME|ID...]

Return low-level information on Docker objects

Options:
  -f, --format string   Format the output using the given Go template
  -s, --size            Display total file sizes if the type is container
      --type string     Return JSON for specified type
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
[root@localhost ~]# docker run -d --name nginx_cinspect nginx
0747a4ca275edbe5fbfc3f6c3009de1cd7f9a9f50314cd2867432c2f52c24537
[root@localhost ~]# docker inspect nginx_cinspect
[
    {
        ...
        "Config": {
            "Hostname": "0747a4ca275e",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.21.5",
                "NJS_VERSION=0.7.1",
                "PKG_RELEASE=1~bullseye"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
            },
            "StopSignal": "SIGQUIT"
        },
        ...
    }
]

docker logs(查看容器日志)

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@localhost ~]# docker logs --help

Usage:  docker logs [OPTIONS] CONTAINER

Fetch the logs of a container

Options:
      --details        Show extra details provided to logs
  -f, --follow         Follow log output
      --since string   Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
  -n, --tail string    Number of lines to show from the end of the logs (default "all")
  -t, --timestamps     Show timestamps
      --until string   Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#查看容器日志
[root@localhost ~]# docker run -d --name nginx_clogs nginx
4ea24b83a984a3df63ac98439d7f51ca2b78a6f7544b0aadaaf9742838179681

[root@localhost ~]# docker logs nginx_clogs
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/01/14 03:29:24 [notice] 1#1: using the "epoll" event method
2022/01/14 03:29:24 [notice] 1#1: nginx/1.21.5
2022/01/14 03:29:24 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2022/01/14 03:29:24 [notice] 1#1: OS: Linux 4.18.0-193.28.1.el8_2.x86_64
2022/01/14 03:29:24 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/01/14 03:29:24 [notice] 1#1: start worker processes
2022/01/14 03:29:24 [notice] 1#1: start worker process 31
2022/01/14 03:29:24 [notice] 1#1: start worker process 32

#查看最近20分钟内最近10条日志,并实时监控后续日志
[root@localhost ~]# docker logs -f --since 20m --tail 10 nginx_clogs
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/01/14 03:29:24 [notice] 1#1: using the "epoll" event method
2022/01/14 03:29:24 [notice] 1#1: nginx/1.21.5
2022/01/14 03:29:24 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2022/01/14 03:29:24 [notice] 1#1: OS: Linux 4.18.0-193.28.1.el8_2.x86_64
2022/01/14 03:29:24 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/01/14 03:29:24 [notice] 1#1: start worker processes
2022/01/14 03:29:24 [notice] 1#1: start worker process 31
2022/01/14 03:29:24 [notice] 1#1: start worker process 32

#查询某个时间段内的日志
[root@localhost ~]# docker logs --since='2022-01-13' --until='2022-01-15' nginx_clogs
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/01/14 03:29:24 [notice] 1#1: using the "epoll" event method
2022/01/14 03:29:24 [notice] 1#1: nginx/1.21.5
2022/01/14 03:29:24 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2022/01/14 03:29:24 [notice] 1#1: OS: Linux 4.18.0-193.28.1.el8_2.x86_64
2022/01/14 03:29:24 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/01/14 03:29:24 [notice] 1#1: start worker processes
2022/01/14 03:29:24 [notice] 1#1: start worker process 31
2022/01/14 03:29:24 [notice] 1#1: start worker process 32

docker top(查看容器中进程信息)

1
2
3
4
5
[root@localhost ~]# docker top nginx_clogs
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                98433               98414               0                   11:29               ?                   00:00:00            nginx: master process nginx -g daemon off;
101                 98505               98433               0                   11:29               ?                   00:00:00            nginx: worker process
101                 98506               98433               0                   11:29               ?                   00:00:00            nginx: worker process

docker cp(容器主机间拷贝)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@localhost ~]# docker cp --help

Usage:  docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
        docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

Copy files/folders between a container and the local filesystem

Use '-' as the source to read a tar archive from stdin
and extract it to a directory destination in a container.
Use '-' as the destination to stream a tar archive of a
container source to stdout.

Options:
  -a, --archive       Archive mode (copy all uid/gid information)
  -L, --follow-link   Always follow symbol link in SRC_PATH
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#宿主机创建空目录,运行一个容器
[root@localhost ~]# mkdir -p /home/testfile
[root@localhost ~]# docker run -d --name nginx_ccp -p 3344:80 nginx
8a8486c624465b389f8f218bb9663d77d8ae14c1529d85243a9a27d5eb8f5720

#容器文件拷贝到宿主机
[root@localhost ~]# docker cp nginx_ccp:/usr/share/nginx/html/index.html /home/testfile
[root@localhost ~]# ls /home/testfile
index.html

#宿主机文件拷贝到容器
[root@localhost ~]# docker cp /home/testfile/index.html nginx_ccp:/usr/share/nginx/html/test.html
[root@localhost ~]# curl localhost:3344/test.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

docker diff(容器运行后文件发生的变化)

  • A: 表示新增的文件或目录。
  • D: 表示删除的文件或目录。
  • C: 表示修改过的文件或目录。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@localhost ~]# docker diff nginx_ccp
C /var
C /var/cache
C /var/cache/nginx
A /var/cache/nginx/uwsgi_temp
A /var/cache/nginx/client_temp
A /var/cache/nginx/fastcgi_temp
A /var/cache/nginx/proxy_temp
A /var/cache/nginx/scgi_temp
C /usr
C /usr/share
C /usr/share/nginx
C /usr/share/nginx/html
A /usr/share/nginx/html/test.html
C /etc
C /etc/nginx
C /etc/nginx/conf.d
C /etc/nginx/conf.d/default.conf
C /run
A /run/nginx.pid

docker commit(提交容器成镜像)

1
2
3
4
5
6
7
8
9
10
11
[root@localhost ~]# docker commit --help

Usage:  docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]

Create a new image from a container's changes

Options:
  -a, --author string    Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
  -c, --change list      Apply Dockerfile instruction to the created image
  -m, --message string   Commit message
  -p, --pause            Pause container during commit (default true)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
[root@localhost ~]# docker commit nginx_ccp mynginximage
sha256:e902a486acf0bc36ddccec85d5372d96427b04eba12e687bf7d472f39a3193ef
[root@localhost ~]# docker images mynginximage
REPOSITORY     TAG       IMAGE ID       CREATED          SIZE
mynginximage   latest    e902a486acf0   16 seconds ago   141MB

#运行新镜像的容器,访问成功
[root@localhost ~]# docker run -d --name nginx_ccommit -p 3355:80 mynginximage
23f76aae87471bd974f650eebb13ac4bb00bb6301ca265c30619770415c159a7
[root@localhost ~]# curl localhost:3355/test.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>